Information Security News mailing list archives
Re: Update: Money seen as biggest obstacle to effective IT security
From: InfoSec News <isn () c4i org>
Date: Sat, 19 Jul 2003 03:32:41 -0500 (CDT)
Forwarded from: Mark Bernard <mbernard () nbnet nb ca>

Dear Associates,

If you read between the lines, this story really identifies the difference between a CISSP designation and a CISM designation. One designation is entirely solution oriented while the other is business oriented. The CISSP does not demonstrate the skills necessary to justify Information Security (InfoSec) to a business. So all those businesses rushing out to get staff with a CISSP designation without additional business management skills have shot themselves in the foot.

Companies will not budget for InfoSec unless it is a legitimate business need and that means justification in business terms. Without justification, businesses will continue to only budget for InfoSec positions assigned to larger non InfoSentric business units.

It's not entirely management's fault because they truly believe that this will reduce the risk and take care of any problems that they might encounter. This is the way that traditional management has always dealt with more work: they hire more staff! This, however, is a short-term fix, which is very apparent within this survey.

Without adequate justification tied to strategic and tactical business objectives, InfoSec budgets will continue to not get approved. After all, just because someone with a CISSP says that something needs to be attended to doesn't mean that the company will automatically open up the vault.

Regards,
Mark, CISM, CISSP.

----- Original Message -----
From: "InfoSec News" <isn () c4i org>
To: <isn () attrition org>
Sent: Thursday, July 17, 2003 4:46 AM
Subject: [ISN] Update: Money seen as biggest obstacle to effective IT security

http://www.computerworld.com/securitytopics/security/story/0,10801,83109,00.html

By JAIKUMAR VIJAYAN
JULY 16, 2003
Computerworld

Inadequate funding remains the single largest obstacle to implementing effective IT security measures at most companies, according to the results [1] of a recently completed global survey by Ernst & Young International.

Even so, a majority of the companies surveyed said they rarely or never calculate return on investment when building a case for information security budgets.

"Return on investment appears to have fallen out of favor as a measure of the effectiveness of information security spending," Mark Doll, Americas director of Ernst & Young's Security Services division, said in a prepared statement. "It looks like we need to find a credible alternative to conventional ROI approaches in order to secure funds for the information security function."

The "2003 Ernst & Young Global Information Security Survey" was conducted over a two-month period in early 2003 and includes responses from more than 1,400 organizations in 66 countries.

Not surprisingly, 90% of the organizations surveyed said that IT security is of high importance to them, with 78% identifying risk reduction as the top factor influencing security spending.

[...]

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.